Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91982 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

System Restore gone wrong


  • This topic is locked This topic is locked
6 replies to this topic

#1 Nettie724

Nettie724

    Authentic Member

  • Authentic Member
  • PipPip
  • 206 posts

Posted 18 July 2014 - 02:39 PM

I let my neighbor borrowed my laptop. Upon visiting her, I found my laptop irritatingly slow, the system freezes, & can't get any updates. I can't do a system restore, the laptop won't stay powered on unless I have the adaptor (power) cord attached to it. When I try to do a system restore, it goes back to May 25, 2014. I chose that date even though I know the system has been acting up a couple of months before that. Any help at this point will be greatly appreciated. I am going to start a new post in the Windows section for the System Restore fix as I see this same topic in the Windows section of this site. I hope that is ok.

 

This is the message I received on my last attempt to do a System Restore. 

"System Restore did not complete successfully. Your computer's system files and settings were not changed. 

Details: The System Restore is still in progress or did not complete.

You might want to try System Restore again or choose a different restore point."

 

I have Windows Vista Home Premium

Dell Inspiron 1525 

Intel Core 2 Duo CPU w/ 3 GB Memory.


    Advertisements

Register to Remove


#2 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,815 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 18 July 2014 - 03:33 PM

You need to make sure there is no malware before checking for other problems.

 

Go to the Spyware / Malware / Virus Removal forum, read the info there and follow the posted directions. Once you receive a clean bill of health, come back here if you have any additional questions or concerns or it turns out not to be a malware problem.

Please be patient as that is a very busy area. If you do not receive a response in 3 days, post a message here: What To Do If You Have No Response In 3 Days?

Do not reply to your post there as the malware folks look for posts with no replies first.
 


Rich

Artificial intelligence is no match for natural stupidity.


#3 Nettie724

Nettie724

    Authentic Member

  • Authentic Member
  • PipPip
  • 206 posts

Posted 19 July 2014 - 06:49 PM

I hope this is what you wanted me to do from your instructions. I'm not sure if this mean I have a clean bill of health or not.

 

Here are the posts you requested I run. 

 

OTL.txt report:

 

OTL logfile created on: 7/18/2014 7:45:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19543)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 51.65% Memory free
6.18 Gb Paging File | 4.65 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 128.12 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.47 Gb Free Space | 56.00% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Scott\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe ()
PRC - c:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\InboxAce_1g\bar\1.bin\1gbrmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files\InboxAce_1g\bar\1.bin\1gbarsvc.exe (COMPANYVERS_NAME)
PRC - C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
PRC - C:\Program Files\CenturyLink\QuickCare\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\CenturyLink\QuickCare\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll ()
MOD - C:\Program Files\AVG Secure Search\TBAPI.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (vToolbarUpdater18.1.7) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe (AVG Secure Search)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (InboxAce_1gService) -- C:\Program Files\InboxAce_1g\bar\1.bin\1gbarsvc.exe (COMPANYVERS_NAME)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_quickcare) -- C:\Program Files\CenturyLink\QuickCare\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (sprtsvc_quickcare) -- C:\Program Files\CenturyLink\QuickCare\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (BCM42RLY) -- system32\drivers\BCM42RLY.sys File not found
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgdiskx) -- C:\Windows\System32\drivers\avgdiskx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (WDC_SAM) -- C:\Windows\System32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUS
IE - HKLM\..\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}: "URL" = http://search.tb.ask...r={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B0C99B09-3B95-4B25-9C5F-2316CA3BB3FD}&mid=dbcdbd7bf1730a95f8a27b9c8dfe6a84-2dc3384a3ee3d63b323b3db705c126c60234bd32&lang=en&ds=AVG&pr=fr&d=2011-10-12 22:40:30&v=17.2.0.38&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\ComcastSearch: "URL" = http://search.comcas...cat=Web&con=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@InboxAce_1g.com/Plugin: C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll (Mindspark)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38
 
[2010/04/26 19:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2010/04/26 19:42:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1829_0\plugins/avgnpss.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: AdBlock = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.7_0\
CHR - Extension: Google Wallet = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Search Assistant BHO) - {9359da42-06fb-46f2-9e4a-05c05b98a5ef} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll (Mindspark)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (CenturyLink) - {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files\qwesttoolbar\qwesttoolbarDx.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Toolbar BHO) - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll (Mindspark)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (InboxAce) - {3775afd7-5921-4571-968f-85a631203d1c} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll (Mindspark)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (CenturyLink) - {A317CB83-299C-4FC8-9ED7-2D64117D98EE} - C:\Program Files\qwesttoolbar\qwesttoolbarDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxAce) - {3775AFD7-5921-4571-968F-85A631203D1C} - C:\Program Files\InboxAce_1g\bar\1.bin\1gbar.dll (Mindspark)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [hpqSRMon]  File not found
O4 - HKLM..\Run: [InboxAce EPM Support] C:\Program Files\InboxAce_1g\bar\1.bin\1gmedint.exe (Mindspark Interactive Network, Inc.)
O4 - HKLM..\Run: [InboxAce Home Page Guard 32 bit] "C:\PROGRA~1\INBOXA~2\bar\1.bin\AppIntegrator.exe" File not found
O4 - HKLM..\Run: [InboxAce Search Scope Monitor] C:\Program Files\InboxAce_1g\bar\1.bin\1gSrchMn.exe (Mindspark)
O4 - HKLM..\Run: [InboxAce_1g Browser Plugin Loader] C:\Program Files\InboxAce_1g\bar\1.bin\1gbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FE46B69-5EBE-4C97-8567-8C339A909E76}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_03.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_NB_1280x864_03.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{40e7b625-0979-11df-8ce8-00219bdf33cc}\Shell - "" = AutoRun
O33 - MountPoints2\{40e7b625-0979-11df-8ce8-00219bdf33cc}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{78450202-0cfe-11e1-92ce-00219bdf33cc}\Shell - "" = AutoRun
O33 - MountPoints2\{78450202-0cfe-11e1-92ce-00219bdf33cc}\Shell\AutoRun\command - "" = G:\UEZLink.exe
O33 - MountPoints2\{b1c7986b-fba8-11e0-a9e9-00219bdf33cc}\Shell - "" = AutoRun
O33 - MountPoints2\{b1c7986b-fba8-11e0-a9e9-00219bdf33cc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{f805ddd8-65b5-11df-a786-00219bdf33cc}\Shell - "" = AutoRun
O33 - MountPoints2\{f805ddd8-65b5-11df-a786-00219bdf33cc}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f8eb5cb0-66e8-11df-88d1-00219bdf33cc}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/07/16 20:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/07/09 13:29:26 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2014/07/09 13:29:24 | 002,051,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/07/09 13:28:48 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2014/07/09 13:28:46 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/07/09 13:28:45 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/07/09 13:28:45 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/07/09 13:28:45 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2014/07/09 13:28:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2014/07/09 13:28:44 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/07/09 13:28:44 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/07/09 13:28:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2014/07/09 13:28:44 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/07/09 13:28:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/07/09 13:28:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/07/09 13:28:44 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2014/07/09 13:28:44 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2014/07/09 13:28:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/07/09 13:28:43 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/07/09 13:28:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/07/09 13:28:43 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2014/07/09 13:28:43 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2014/07/01 11:10:23 | 000,000,000 | ---D | C] -- C:\Users\Scott\Documents\Ann's & Ehsan's Wedding
[91 C:\Users\Scott\Documents\*.tmp files -> C:\Users\Scott\Documents\*.tmp -> ]
[1 C:\Users\Scott\AppData\Local\*.tmp files -> C:\Users\Scott\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/07/18 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/07/18 19:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/07/18 18:59:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/07/18 18:59:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/07/18 15:06:25 | 000,645,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/07/18 15:06:24 | 000,120,994 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/18 15:01:37 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/07/18 14:59:51 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/07/18 14:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/07/16 20:35:19 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/07/11 08:22:32 | 000,380,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/07/09 13:45:26 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/07/09 13:45:26 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/07/03 11:13:14 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2014/06/28 00:06:27 | 000,000,940 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2014/06/23 08:22:31 | 000,042,784 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[91 C:\Users\Scott\Documents\*.tmp files -> C:\Users\Scott\Documents\*.tmp -> ]
[1 C:\Users\Scott\AppData\Local\*.tmp files -> C:\Users\Scott\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/07/16 20:35:19 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/06/11 17:31:53 | 000,000,000 | ---- | C] () -- C:\Users\Scott\AppData\Local\{EA8F7E9C-935E-4551-976C-2CF79EA2A98C}
[2013/12/15 18:33:36 | 000,000,000 | ---- | C] () -- C:\Users\Scott\AppData\Roaming\wklnhst.dat
[2012/06/05 21:25:15 | 000,004,096 | -H-- | C] () -- C:\Users\Scott\AppData\Local\keyfile3.drm
[2010/09/25 09:02:42 | 000,029,960 | ---- | C] () -- C:\Users\Scott\spray_foam_insulation.pdf
[2010/03/03 22:14:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/08 19:50:16 | 000,006,648 | ---- | C] () -- C:\Users\Scott\AppData\Local\d3d9caps.dat
[2008/12/29 18:45:57 | 000,008,248 | ---- | C] () -- C:\Users\Scott\AppData\Local\en.ini
[2008/11/19 16:58:14 | 000,089,088 | ---- | C] () -- C:\Users\Scott\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/09 13:31:43 | 000,000,552 | ---- | C] () -- C:\Users\Scott\AppData\Local\d3d8caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/20 00:34:36 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AVG2014
[2010/03/31 00:12:40 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\EPSON
[2010/12/13 20:35:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Image Zone Express
[2010/10/30 12:41:35 | 000,000,000 | -H-D | M] -- C:\Users\Scott\AppData\Roaming\InstallJammer Registry
[2010/03/28 18:23:35 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Leadertech
[2011/11/03 22:03:34 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\OpswatLogs
[2014/07/16 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PCHC
[2010/12/09 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Printer Info Cache
[2011/12/08 23:07:00 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\QuickScan
[2014/07/16 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Riverpoint Writer
[2011/07/18 11:01:29 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Sammsoft
[2013/12/15 18:33:36 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Template
[2014/05/20 00:32:41 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TuneUp Software
[2014/07/16 22:06:03 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\W Photo Studio Viewer
[2010/05/21 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Walgreens
[2012/07/06 15:31:33 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\WeatherBug
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: EXPLORER.EXE.2112.DMP  >
[2014/05/24 14:43:20 | 002,620,964 | ---- | M] () MD5=19AED50239EE32DA38BBC05C685CCDAB -- C:\Users\Scott\AppData\Local\CrashDumps\explorer.exe.2112.dmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2006/11/02 07:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 07:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE-D5E97654.PF  >
[2014/07/11 08:25:00 | 000,164,760 | ---- | M] () MD5=A3385388CFC724993BC1DECEEBF6E4BA -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf
 
< MD5 for: IEXPLORE.EXE  >
[2012/02/28 06:33:51 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=00A346CE3D3701EA085E87EEF746A74A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19222_none_123762452fda50e6\iexplore.exe
[2011/07/23 06:02:27 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=04D1DC458C723B291179F8449ACC281D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19120_none_12355fcb2fdc2111\iexplore.exe
[2013/03/01 07:26:43 | 000,638,104 | ---- | M] (Microsoft Corporation) MD5=062C1DA7AC453D890FA2D3D6768A74F6 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19412_none_124235fd2fd22f43\iexplore.exe
[2009/01/14 23:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2012/11/09 05:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation) MD5=0BC355C49DC6D3E678D4C5C5AE467AEF -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19393_none_11ecb50130122afb\iexplore.exe
[2011/09/30 18:49:11 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=0E1695AD4C30E72D68170F01B4818A80 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23250_none_129e8cd2491214ae\iexplore.exe
[2014/02/02 15:11:36 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=153A7C95B3E529725FB60632BD0B2DD7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19499_none_11f2b8a3300cc02c\iexplore.exe
[2008/06/26 22:54:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=157F8DE991396C536820D7FA5C8DCF7D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[2008/08/06 13:06:32 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2008/10/01 22:50:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=19403B64906C9EAC627E3C10847B0FDA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[2009/11/21 01:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2009/07/18 07:16:49 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D5A01AA2DE47C052AF46D7EBCB003A3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[2009/07/18 16:39:09 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1D8163DBFECAEDB9C48C5F55084BC491 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[2009/03/02 23:18:52 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[2009/04/24 11:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2010/02/23 10:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2012/05/15 03:57:00 | 000,638,048 | ---- | M] (Microsoft Corporation) MD5=26B900640CE979A708FD3793FA8A6C50 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23359_none_12a791524909f5e4\iexplore.exe
[2011/11/03 02:33:09 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=2A268DF89913A0E927091077878EDB3E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23266_none_1299bea24914c8a9\iexplore.exe
[2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2009/08/27 00:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2014/02/01 17:04:25 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=3474D2AB4B51A0E29E8D86CDCBEF460C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23562_none_1295c32c49185ac2\iexplore.exe
[2010/01/02 09:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2014/05/28 01:59:54 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=44E5A52D4FA15DB3E93A04478BAFBC5F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23603_none_12d7a4e448e6c99a\iexplore.exe
[2014/05/27 20:15:50 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=4863014FC741B3CA95C8170B26AFD8C6 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19539_none_12339a112fdc15ad\iexplore.exe
[2010/05/04 01:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 01:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2009/07/22 01:04:09 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4B5AEA50CE77FBA4C2D169622DC9B489 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[2008/10/15 23:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2011/07/23 06:42:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4D08A4234D645EFCB30605CC0BFA87F4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23216_none_12cfce3e48ec3cf4\iexplore.exe
[2008/06/26 20:41:30 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4DBD95312B1C96C5285D38F1D748CD4D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[2014/02/23 06:52:04 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=52D0BBF2C9F7F292A10F20149E216D5D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23580_none_127e22c0492a5ff6\iexplore.exe
[2010/11/02 01:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[2008/01/20 21:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2013/10/25 04:02:37 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=5C642DB5CE65342861AE21761F7D94D0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23543_none_12ac634e49073c37\iexplore.exe
[2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2008/10/01 22:32:01 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=6655B851D9EEF7C83395EE52D551B448 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[2013/10/13 06:57:38 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=6FFAB7560479BD8E31D5005A961526D8 -- C:\Windows\SoftwareDistribution\Download\e1dc109484fce44eb7192dc0ab315002\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19483_none_11f786d3300a0c31\iexplore.exe
[2013/10/12 08:13:54 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=726B426DD8BE34D73E5F36E9222A3CD3 -- C:\Windows\SoftwareDistribution\Download\e1dc109484fce44eb7192dc0ab315002\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23536_none_12ba341848fc6c4b\iexplore.exe
[2012/08/25 09:00:49 | 000,638,064 | ---- | M] (Microsoft Corporation) MD5=73FB5D3283671B301A59544B58EFECF8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23415_none_12ced1c048ed1deb\iexplore.exe
[2010/06/26 01:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2010/12/18 02:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2011/09/30 18:07:49 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7ACBBC85FCE4989B533220FC3B291633 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19154_none_1218f12f2ff0da40\iexplore.exe
[2012/06/28 06:40:41 | 000,638,048 | ---- | M] (Microsoft Corporation) MD5=7BC18656CCDD305665D3D7FAA283744A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19298_none_11f1b48d300dac87\iexplore.exe
[2009/08/27 08:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2011/05/28 02:09:20 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7EE10C5413AD7ED1AF9E8FAE1B58FC3E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_127f1b72492984b1\iexplore.exe
[2009/07/18 07:16:45 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=7FCF4E704A48D95202F3E7A1E1A21412 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[2010/01/02 01:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2014/02/23 05:54:56 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=89E7D65BC0980AC94732034E87D89ADC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19518_none_1248399f2fccc474\iexplore.exe
[2009/03/02 23:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2010/11/02 02:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2008/08/06 13:06:32 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2012/05/15 01:37:18 | 000,638,048 | ---- | M] (Microsoft Corporation) MD5=9AC31470779A703021C337FD83D683EE -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19272_none_120152a93002dc9b\iexplore.exe
[2011/02/22 02:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2014/02/23 12:39:17 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=9E56F048B463081F2DE59F3F63459831 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23569_none_129cc53249120c23\iexplore.exe
[2009/03/02 23:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2010/02/23 01:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2014/05/23 19:57:39 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=AAE6FC0EE5754C31189121493912A4E3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23598_none_127b5524492b469f\iexplore.exe
[2014/05/28 02:07:56 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=ABB7B48BE45D52BAF7A9931B1EEACAA5 -- C:\Program Files\Internet Explorer\iexplore.exe
[2014/05/28 02:07:56 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=ABB7B48BE45D52BAF7A9931B1EEACAA5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19543_none_1222c8692fe99994\iexplore.exe
[2009/03/08 16:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2014/02/23 12:45:27 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=BB51960837DF3308F8929C687B7160B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19507_none_125209412fc58f2c\iexplore.exe
[2011/02/22 01:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2009/07/21 16:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[2011/11/03 01:23:19 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=CCDB0B2D1F2E016966B1DB1097E24842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19170_none_11ff502f3004acc6\iexplore.exe
[2012/11/09 07:25:15 | 000,638,024 | ---- | M] (Microsoft Corporation) MD5=CCF48EB85EF9B67250CEBA8043B28AD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23461_none_1294c0fc49194444\iexplore.exe
[2012/06/28 08:04:55 | 000,638,048 | ---- | M] (Microsoft Corporation) MD5=CE4945834BFE91AF301FA829E3E8A7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23385_none_128320664925e45b\iexplore.exe
[2012/02/28 13:09:50 | 000,638,240 | ---- | M] (Microsoft Corporation) MD5=CF4EFFB58D9D91E8D219C8E93BC59471 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23318_none_12d1d0b848ea6cc9\iexplore.exe
[2009/04/24 11:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2010/09/08 01:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2009/04/24 11:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2013/10/25 03:26:54 | 000,638,120 | ---- | M] (Microsoft Corporation) MD5=D66144C1BC885E523AD74BAD1EC6566D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19489_none_11fd888f3004a43b\iexplore.exe
[2008/10/15 23:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2012/08/25 06:55:48 | 000,638,064 | ---- | M] (Microsoft Corporation) MD5=E5E317948D5F2B28A7D7A2E8F29F1008 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19328_none_123d65e72fd4e617\iexplore.exe
[2013/03/01 08:28:50 | 000,638,104 | ---- | M] (Microsoft Corporation) MD5=E71F19803DE772F1AA541BE97F1D64B9 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23480_none_127e20da492a62cf\iexplore.exe
[2009/11/21 10:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/02 23:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2009/07/18 06:55:42 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=EBEE9E4421F35CD861107DDA0266FBB1 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[2011/05/28 01:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=ED65737D70FDEAC29F738E77D2496EE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_11fc80ad30059648\iexplore.exe
[2010/06/26 01:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/14 23:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 11:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.1072.DMP  >
[2014/02/09 11:44:31 | 006,630,537 | ---- | M] () MD5=A749836CE9C0F205A0106DD42A24A905 -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.1072.dmp
 
< MD5 for: IEXPLORE.EXE.5380.DMP  >
[2014/01/29 03:14:04 | 006,820,822 | ---- | M] () MD5=3E4BEDD2FBF0B6BBB493800E3EF16D2C -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.5380.dmp
 
< MD5 for: IEXPLORE.EXE.5992.DMP  >
[2014/02/01 09:56:27 | 006,657,824 | ---- | M] () MD5=43111182AE8D2D6A5FFF7653DD7BA925 -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.5992.dmp
 
< MD5 for: IEXPLORE.EXE.6704.DMP  >
[2014/01/29 03:31:33 | 006,947,132 | ---- | M] () MD5=EC52359B6F96B33A992D627F7E1AF798 -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.6704.dmp
 
< MD5 for: IEXPLORE.EXE.6792.DMP  >
[2014/01/29 02:26:20 | 006,734,322 | ---- | M] () MD5=71CF92BC87C8449D9F2F4EA46812544B -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.6792.dmp
 
< MD5 for: IEXPLORE.EXE.6804.DMP  >
[2014/06/16 08:02:59 | 003,505,525 | ---- | M] () MD5=265B7F955C8678C7354BED4EA03EE64F -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.6804.dmp
 
< MD5 for: IEXPLORE.EXE.7036.DMP  >
[2014/01/29 01:19:18 | 007,596,736 | ---- | M] () MD5=044390D94E8125D0DFB1AC8299E30070 -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.7036.dmp
 
< MD5 for: IEXPLORE.EXE.712.DMP  >
[2014/02/09 11:38:33 | 006,852,689 | ---- | M] () MD5=D4C94B5C5776B90FE68860BD4094934C -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.712.dmp
 
< MD5 for: IEXPLORE.EXE.8144.DMP  >
[2014/01/29 01:55:39 | 006,701,934 | ---- | M] () MD5=0CE611EAA2F095CE1D0F9F34EC34D86D -- C:\Users\Scott\AppData\Local\CrashDumps\iexplore.exe.8144.dmp
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2006/11/02 07:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2009/03/08 16:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 16:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui
 
< MD5 for: IEXPLORE.EXE-058FE8F5.PF  >
[2014/07/17 04:56:27 | 000,200,064 | ---- | M] () MD5=9E07E715B7C9CC803413BFBCD3DD3C47 -- C:\Windows\Prefetch\IEXPLORE.EXE-058FE8F5.pf
 
< MD5 for: SERVICES  >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 21:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
 
< MD5 for: SERVICES.EXE-7FDA2469.PF  >
[2014/07/11 08:22:52 | 000,009,512 | ---- | M] () MD5=F831660DB94F103D2DC344A7F1086B8F -- C:\Windows\Prefetch\SERVICES.EXE-7FDA2469.pf
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2008/01/20 21:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/20 21:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 07:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui
 
< MD5 for: WINLOGON.EXE-DEDDC9B6.PF  >
[2014/07/11 08:22:52 | 000,016,236 | ---- | M] () MD5=1867ADB7241B058C1C4E92B5C5A5A0DA -- C:\Windows\Prefetch\WINLOGON.EXE-DEDDC9B6.pf
 
< MD5 for: WINLOGON.MOF  >
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/08/06 13:09:21 | 000,003,522 | RH-- | M] () -- C:\dell.sdr
[2010/05/11 01:57:23 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/10/25 08:27:24 | 000,000,882 | ---- | M] () -- C:\net_save.dna
[2008/08/06 10:33:01 | 000,026,927 | ---- | M] () -- C:\newfile.enc
[2008/08/06 10:33:01 | 000,026,927 | ---- | M] () -- C:\newkey
[2014/07/18 14:59:35 | 3524,587,520 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/10 11:48:35 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/10/20 19:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
[2008/01/20 21:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is OS
 Volume Serial Number is E23A-04A0
 Directory of C:\ProgramData
09/24/2008  12:36 PM    <JUNCTION>     Application Data [C:\ProgramData]
09/24/2008  12:36 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
09/24/2008  12:36 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
09/24/2008  12:36 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
09/24/2008  12:36 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09/24/2008  12:36 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
09/24/2008  12:36 PM    <SYMLINKD>     All Users [C:\ProgramData]
09/24/2008  12:36 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
09/24/2008  12:36 PM    <JUNCTION>     Application Data [C:\ProgramData]
09/24/2008  12:36 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
09/24/2008  12:36 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
09/24/2008  12:36 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
09/24/2008  12:36 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
09/24/2008  12:36 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
09/24/2008  12:36 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
09/24/2008  12:36 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
09/24/2008  12:36 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
09/24/2008  12:36 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
09/24/2008  12:36 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/24/2008  12:36 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/24/2008  12:36 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
09/24/2008  12:36 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
09/24/2008  12:36 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
09/24/2008  12:36 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
09/24/2008  12:36 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
09/24/2008  12:36 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
09/24/2008  12:36 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
09/24/2008  12:36 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
09/24/2008  12:36 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
09/24/2008  12:36 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Mcx1
12/11/2011  07:09 PM    <JUNCTION>     Application Data [C:\Users\Mcx1\AppData\Roaming]
12/11/2011  07:09 PM    <JUNCTION>     Cookies [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Cookies]
12/11/2011  07:09 PM    <JUNCTION>     Local Settings [C:\Users\Mcx1\AppData\Local]
12/11/2011  07:09 PM    <JUNCTION>     My Documents [C:\Users\Mcx1\Documents]
12/11/2011  07:09 PM    <JUNCTION>     NetHood [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/11/2011  07:09 PM    <JUNCTION>     PrintHood [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/11/2011  07:09 PM    <JUNCTION>     Recent [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Recent]
12/11/2011  07:09 PM    <JUNCTION>     SendTo [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\SendTo]
12/11/2011  07:09 PM    <JUNCTION>     Start Menu [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu]
12/11/2011  07:09 PM    <JUNCTION>     Templates [C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Mcx1\AppData\Local
12/11/2011  07:09 PM    <JUNCTION>     Application Data [C:\Users\Mcx1\AppData\Local]
12/11/2011  07:09 PM    <JUNCTION>     History [C:\Users\Mcx1\AppData\Local\Microsoft\Windows\History]
12/11/2011  07:09 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Mcx1\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Mcx1\Documents
12/11/2011  07:09 PM    <JUNCTION>     My Music [C:\Users\Mcx1\Music]
12/11/2011  07:09 PM    <JUNCTION>     My Pictures [C:\Users\Mcx1\Pictures]
12/11/2011  07:09 PM    <JUNCTION>     My Videos [C:\Users\Mcx1\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
09/24/2008  12:36 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
09/24/2008  12:36 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
09/24/2008  12:36 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Scott
09/24/2008  12:39 PM    <JUNCTION>     Application Data [C:\Users\Scott\AppData\Roaming]
09/24/2008  12:39 PM    <JUNCTION>     Cookies [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Cookies]
09/24/2008  12:39 PM    <JUNCTION>     Local Settings [C:\Users\Scott\AppData\Local]
09/24/2008  12:39 PM    <JUNCTION>     My Documents [C:\Users\Scott\Documents]
09/24/2008  12:39 PM    <JUNCTION>     NetHood [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/24/2008  12:39 PM    <JUNCTION>     PrintHood [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/24/2008  12:39 PM    <JUNCTION>     Recent [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Recent]
09/24/2008  12:39 PM    <JUNCTION>     SendTo [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\SendTo]
09/24/2008  12:39 PM    <JUNCTION>     Start Menu [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu]
09/24/2008  12:39 PM    <JUNCTION>     Templates [C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Scott\AppData\Local
09/24/2008  12:39 PM    <JUNCTION>     Application Data [C:\Users\Scott\AppData\Local]
09/24/2008  12:39 PM    <JUNCTION>     History [C:\Users\Scott\AppData\Local\Microsoft\Windows\History]
09/24/2008  12:39 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Scott\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Scott\AppData\LocalLow
11/27/2011  12:14 AM    <JUNCTION>     PlayReady [C:\ProgramData\Microsoft\PlayReady]
               0 File(s)              0 bytes
 Directory of C:\Users\Scott\Documents
09/24/2008  12:39 PM    <JUNCTION>     My Music [C:\Users\Scott\Music]
09/24/2008  12:39 PM    <JUNCTION>     My Pictures [C:\Users\Scott\Pictures]
09/24/2008  12:39 PM    <JUNCTION>     My Videos [C:\Users\Scott\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
08/06/2008  10:39 AM    <JUNCTION>     Application Data [c:\Windows\system32\config\systemprofile\AppData\Roaming]
08/06/2008  10:39 AM    <JUNCTION>     Cookies [c:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/06/2008  10:39 AM    <JUNCTION>     Local Settings [c:\Windows\system32\config\systemprofile\AppData\Local]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
08/06/2008  10:39 AM    <JUNCTION>     Application Data [c:\Windows\system32\config\systemprofile\AppData\Local]
08/06/2008  10:39 AM    <JUNCTION>     History [c:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/06/2008  10:39 AM    <JUNCTION>     Temporary Internet Files [c:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              72 Dir(s)  138,566,139,904 bytes free
 
< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/07/10 08:41:29 | 000,000,286 | -HS- | M] () -- C:\Users\Scott\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-07-11 13:15:04
 
< End of report >

Edited by Nettie724, 19 July 2014 - 06:59 PM.


#4 Nettie724

Nettie724

    Authentic Member

  • Authentic Member
  • PipPip
  • 206 posts

Posted 19 July 2014 - 06:57 PM

Here is the second report: 

 

Extras.Txt: 

 

OTL Extras logfile created on: 7/18/2014 7:45:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19543)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 51.65% Memory free
6.18 Gb Paging File | 4.65 Gb Available in Paging File | 75.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.58 Gb Total Space | 128.12 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.47 Gb Free Space | 56.00% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BFE656-B7DF-410E-8A39-B62B9F17A942}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{03A823DD-AB07-44A6-AEC2-BACF20296E6B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{05AA7A55-4DB7-46C7-A064-4A62EB77A661}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0A787CE8-C054-45D5-BBC0-95057F3EE6BD}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{2016D724-A702-4C9C-9E35-ADC212E35E1A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2C35573B-6B58-4385-9EE1-3915FB53AD21}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{2ED9899A-FCA3-4712-8218-48263C735FB7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3361174E-E583-444F-95D4-741E92CF1CD1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{384BF9E2-E8A7-4C96-AE34-0CC6C7544E6E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F499C15-5AC5-4E69-B530-1669B26A38B3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4077509B-DCCC-461A-A610-A381F0B6CBD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4492A3C1-302D-4703-91B8-307A98EE16D6}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{49344701-D8E4-4A23-8ABA-33A76F78414E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4CF9932D-2683-4307-9EDA-659FF7181B3E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{4D3FD7AA-2C20-4214-8CD8-A96F178F4299}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4E88EF26-0781-4BD9-A483-4D43185DE068}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{58A47219-E956-42B9-887C-69BBC16E4E55}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5910A565-8FA5-4BE3-A53A-F6ECBE22DE52}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{5ABFD686-9AF6-4FFB-A100-6FDFDB9B216D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5DA823CF-1740-46C6-BACD-0593AEB6AC46}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6990E608-AB99-4F23-9C9D-9E3B54574328}" = rport=445 | protocol=6 | dir=out | app=system | 
"{70EE8131-5DD4-4CD6-A85D-F35AAA65EC8D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{724F36EA-4D09-4255-92E4-1C5F6A9ED235}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{75FF6410-63EC-4592-A353-EDCB69389A32}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{797A0CFA-9589-474D-953F-7597C395BB41}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7B69315E-65BB-411E-B729-83D0A856E04C}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{7BEFA5D4-9A8B-4B3A-AA90-4E691A9DE12E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{85633294-EB6F-4526-BF63-555D2006B5BC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8A73ED06-E3A3-4ACE-B8DC-020DA57EE1A2}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{8AB4B15C-20C8-43D9-AAB3-7699259FDD63}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{91573FE1-FB7A-48E3-BAF9-48001BC32B6F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{981DADC5-F522-4295-B9F8-076C16F7E7FE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9B5C98B6-17D5-44B7-94E0-74D4D5C55A48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9F085B4F-4A07-4543-B2B5-9210BD09C143}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A298E5C7-2A5A-42E8-80AF-4EA03F25428F}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A75736F0-B827-4404-BAD0-3154588AFB3B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A837A6FB-7A38-4909-A83D-1926EB4E540D}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{A910A9F1-F8BA-4E4A-BFCC-2B9F0C26D66E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{A997CA4D-17B1-4648-9AA5-40F839C08743}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A9FE452E-E0E3-40E5-AA79-17C8ECED3E26}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{AFBD41F4-D7F9-4099-80BE-00454C0073FE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0A8E675-E2C6-4AEB-8A47-C3BC36195E37}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B78005BE-F4D2-4D0F-915A-759030126063}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{BA697C08-ECD3-4E9A-A315-44A590FCBCA0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BC38D346-50E6-457A-B816-763C27EABAD2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{BE47339B-5B98-4DAC-B97B-E6BB0016E041}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C75B0308-A79E-40A2-A8A3-3D93F0473CA1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CB6AC29C-03F4-4753-BDD4-78728790F496}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CE7A1104-92D2-46D8-AC84-B76C2CD1B089}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{CF04CE23-806A-4A8E-9F00-2294939243AE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D09AE9AD-D4E1-49D3-AF94-BA9D32605EC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D5E6FED3-BE7E-4113-B4EB-7262158E2BB7}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DC677341-A449-4CFB-811B-B6F3725BE3DE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E1899E0D-9938-4472-86B8-DB3AC3D32AB0}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{E78308F2-7D96-4F13-AF73-0EC2F4037E4E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEBC1561-6119-4F40-BDF7-891137A42BD6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{EF8FF7EC-84C3-486A-AE1F-A1BB609E896B}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{FE8E8FCC-206F-4FC4-9016-976BC2FFFF5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF1153F5-D6FC-488C-A331-08A84394A659}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD68AD9-357C-4113-BB86-5DC714367227}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{10C4A9F5-3DDA-4054-B887-8E9B5CA85021}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{13E1A35C-7C83-4AB0-92B8-4B99C564C6AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{1A9D7E47-BF8F-4025-A667-1E914D264E59}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{25558ACD-12C2-491C-A992-6DC5D330B955}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{26D410DF-56D3-44E2-86C4-B3DC67F8D366}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{2A3F7AA3-F01F-499D-BB74-503FA85D1818}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{2F9EE299-0638-43CA-856E-E8EB404E6032}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{3239EE78-EF64-40FD-9DFD-41D99BA74F62}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{326D28E5-7F34-42F3-91E3-C37B85E4319D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{38131380-A9C7-4C23-A572-0CDE8701103A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3A0D3AE4-FC33-48B4-B744-E1B1EFF7DD0F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{544934E9-85FB-4DFA-BE25-6F46B54A098F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{55D44644-63D3-4821-A8C1-671818045DF1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{5955CE69-DFF0-4C3D-8179-1F308884A743}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6040A91D-83CB-4072-B72C-BAEA8F4F3DF5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{6185BFFE-DA46-4161-B09B-4880AA7D5217}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{621B56BC-7B75-4B00-AA7D-B72BBACF0DF2}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{68391ADE-9EE1-4663-98EE-356F0739A406}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{68EAFAD4-9182-454B-BE4E-6A3E80B2960D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{691BA540-3D6B-4E72-ACF1-D74D7A87BE28}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{6A94767B-C1E4-4F05-820C-60F71CDC7B22}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{72BBCCB1-D842-47C0-806B-8D6D8FCC5D5B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{77EB0330-B6A0-48BE-ACB5-9FBA58EC5367}" = protocol=6 | dir=out | app=system | 
"{78369529-8040-4B9B-A3C4-5CB14D29FE32}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe | 
"{8047C390-BA49-4305-B62A-82E504C13D08}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{838A831D-EC09-4F6C-8207-1A98C5DF3916}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{8E7B4B00-8331-4D3A-8233-F1D42BEB9B56}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{8F6B2DF2-F9FC-4987-A4B3-5D63AF1DC3E1}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{94ADA797-3A07-4153-AD25-46A4C83E300D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{9F228050-C817-4B5C-8C43-427CF15E717A}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9FBA3466-52E8-46C8-89E2-2F6597788A75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A34A7DFC-6B96-4809-AE28-4012DDCCE34F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe | 
"{A6D9CE40-98F9-4849-98CF-3687F48C4ADA}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{A728063E-4BE1-4D54-A6CF-32BC892C44AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A98ED5BB-26E9-43C4-AE40-7B21D684D5FD}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe | 
"{AB3A7768-A1B1-4F72-A841-20BEC1E47162}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B0311805-4923-4B5B-9B62-9149392EBBFF}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{B98F074C-0792-49C1-821A-8614534B82D7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BA6E601D-8690-4DFC-95E4-79955A67B934}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C02A4202-5CE1-4FD9-BB0A-E21282033854}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{C128A76F-BC3C-40EA-9380-802279A4C50C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{C22AB342-243C-400A-8B43-FAF5CCF54552}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{C7210823-6C83-4A00-AC1D-3085A38B9AC3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C7A2C6C2-FE1C-469F-AE8D-AD9CBA94B3EA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe | 
"{CE3D4F5F-38D5-4C12-A2A3-44DB72556C30}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{D3025250-70B9-42CD-9D93-4E87865592BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D4634E38-6396-47B6-BD77-67CA2FD48EF1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{D5091628-F3B0-44DF-9711-5E92BE047B51}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D530E518-F778-4185-9172-72FA2854EAEB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{D73781E2-600A-4ACF-B839-949007E5E29C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DEB227B1-5B62-41CD-8592-41903CD125C7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EA94F2FF-1AE4-42E7-8A55-741AA5836D2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EE0EDA24-89AF-4D61-A543-5D1ECB64E0A8}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{F789CA20-4065-4C65-90F1-09E82C143D05}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FA11200A-60F5-48D5-A625-CE57B15675D6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FA68FF9F-7403-4724-B0E3-A4E36F9239D3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{FB03A01C-0691-4D7B-8291-A0A5B31534CC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{FBE0F7B0-6B00-4229-9600-5A056DFEA0C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF54912B-C725-45DC-B857-3C017C8BDE94}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C278B97-9D25-48B0-9A4E-F4F2BB992043}" = EPSON Perfection V200 Photo Scanner Driver Update
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2DF2C6-08F7-40BD-8E85-D16CB436E7F0}" = Free NaturalReader
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = EPSON Event Manager
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EF2B896-B1C1-46E8-83AD-4F940B7A5982}" = MathGV 4
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B78FB576-8BB4-4799-B612-A02B74BA0DF0}" = AVG 2014
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B97FD5DD-1226-49AD-AE6C-BF9DE1468F05}" = CenturyLink Personal Digital Vault™
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C25D2594-3136-4B33-9D32-8F0F5E81F349}" = MGTEK dopisp
"{C330C4F4-FD7C-4821-A210-F8058E1FB81C}" = AVG 2014
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = CenturyLink Installer
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F789C27E-B3EF-4730-9EB5-928B4D8A17C1}" = SF_CDB_ProductContext
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Aleks 3.8" = Aleks 3.8
"AVG" = AVG 2014
"AVG Secure Search" = AVG Security Toolbar
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CenturyLinkQuickCare_is1" = CenturyLink QuickCare 2.7
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)  
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"InboxAce_1gbar Uninstall Internet Explorer" = InboxAce Internet Explorer Toolbar
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Office Depot PC Support Agent" = Office Depot PC Support Agent
"qwesttoolbar" = MyCenturyLink Toolbar
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Shop for HP Supplies" = Shop for HP Supplies
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FF389026-F961-42C5-BACD-B4A3AA73E0F3" = Riverpoint Writer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/16/2014 8:38:32 PM | Computer Name = Scott-PC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
 0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x04829362,  process id 0x784, application start time
 0x01cfa15727b29514.
 
Error - 7/16/2014 10:16:34 PM | Computer Name = Scott-PC | Source = System Restore | ID = 8199
Description = 
 
Error - 7/16/2014 10:38:07 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/16/2014 10:40:53 PM | Computer Name = Scott-PC | Source = System Restore | ID = 8203
Description = 
 
Error - 7/16/2014 11:09:58 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/16/2014 11:12:44 PM | Computer Name = Scott-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 7/17/2014 12:24:45 AM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/18/2014 3:31:05 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/18/2014 4:00:54 PM | Computer Name = Scott-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/18/2014 4:03:53 PM | Computer Name = Scott-PC | Source = System Restore | ID = 8203
Description = 
 
[ Broadcom Wireless LAN Events ]
Error - 12/13/2013 11:00:30 PM | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 21:00:30, Fri, Dec 13, 13 Error - Unable to gain access to user store
 
 
Error - 3/25/2014 8:08:59 PM | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 19:08:58, Tue, Mar 25, 14 Error - Unable to gain access to user store
 
 
Error - 5/3/2014 2:35:40 PM | Computer Name = Scott-PC | Source = WLAN-Tray | ID = 0
Description = 13:35:40, Sat, May 03, 14 Error - Unable to gain access to user store
 
 
[ Media Center Events ]
Error - 11/2/2008 12:09:20 PM | Computer Name = Scott-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 10/7/2009 6:56:12 PM | Computer Name = Scott-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 4/2/2010 12:32:18 PM | Computer Name = Scott-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
Error - 4/8/2010 11:38:00 PM | Computer Name = Scott-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 2/1/2011 3:26:35 PM | Computer Name = Scott-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
 
Error - 12/11/2011 8:07:59 PM | Computer Name = Scott-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 12/11/2011 8:08:31 PM | Computer Name = Scott-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 1/5/2012 12:44:15 PM | Computer Name = Scott-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
 due to an abandoned mutex.'.
 
[ System Events ]
Error - 7/18/2014 3:33:08 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 3:33:09 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 3:33:09 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 4:00:54 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 4:01:35 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 7/18/2014 4:01:35 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 4:01:36 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 4:01:37 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 4:01:38 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 7/18/2014 4:01:38 PM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

Edited by Nettie724, 19 July 2014 - 06:58 PM.


#5 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,815 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 19 July 2014 - 07:10 PM

You posted this in the wrong forum. It should have benn posted in  the Spyware / Malware / Virus Removal forum,

 

I'll see about getting your last two posts moved there.


Rich

Artificial intelligence is no match for natural stupidity.


#6 Nettie724

Nettie724

    Authentic Member

  • Authentic Member
  • PipPip
  • 206 posts

Posted 19 July 2014 - 07:46 PM

Oh sorry! and thanks



#7 Ztruker

Ztruker

    WTT Tech

  • Tech Team
  • 7,815 posts
  • Interests:Helping people fix MS Windows related computer problems of all kinds.

    Good, inexpensive wine (not an oxymoron).

Posted 20 July 2014 - 11:40 AM

Please start a new topic in Spyware / Malware / Virus Removal forum. Looks like there is no way to move your posts until a thread already exists there. You can then copy and paste the info from the two posts you made here or just post here that the new thread has been created and I can move them.

 

Once that's done they will work with you on any malware they find. come back here if you have any additional questions or concerns or it turns out not to be a malware problem.


Edited by Ztruker, 20 July 2014 - 11:41 AM.

Rich

Artificial intelligence is no match for natural stupidity.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users